Information Technology Control And Audit 5th Edition Angel R. Otero - Solutions
Describe current challenges of big data to organizations. How do these challenges impact project managers and the project management field?
How does a system development life cycle (SDLC) provide an environment that is conducive to successful systems development?
Summarize the common phases in the traditional system development life cycle (SDLC) approach.
A company is developing a new system. As the internal IT auditor, you recommend that planning for the new system development should be consistent with the SDLC framework. IT personnel have identified the following as major activities to be completed within the upcoming system development. –
Explain what conversion procedures referred to as part of implementing a new system.
Prepare a one-page, two-column audit program table listing all risks you can think of that are significant to any organization when implementing the SDLC phases. Next to the risks, list relevant IT controls and procedures that should be in place to mitigate the risks listed. Make sure you document
Why should disaster recovery plans be addressed during an implementation as opposed to after?
List advantages and disadvantages for each of the System Development approaches discussed in the chapter.
Why is a help desk function critical to system development? Discuss its interrelationship with the problem management and reporting system.
Differentiate between the various system test events. Describe what aspects of the system are covered during each event.
Why is it necessary for programmers to have good documentation as part of the operations and maintenance phase of the SDLC?
The chapter highlights nine key responsibilities for auditors when involved in a SD&I project. By becoming involved at strategic points during such process, auditors can ensure that the system being developed and implemented is well controlled and auditable. List and explain in your own words the
Discuss how the IT auditor can benefit an organization’s system development and implementation process.
Differentiate between the two roles IT auditors can take on in a SD&I project.
Throughout the system development and implementation project, the IT auditor will make control recommendations to management resulting from identified findings. Explain why recommendations from IT auditors may often be rejected.
Explain why unauthorized remote access represents a risk to applications.
A company allows orders to be placed directly through its Web site. Describe the three most prominent application system risks that could contribute to unauthorized access to a customer’s order information. Identify controls to put in place to mitigate those risks.
Explain how incomplete, duplicate, and untimely processing can negatively impact applications.
A payroll department has a time sheet application where employees enter their hours worked. Describe the two most prominent application system risks and the controls that would help mitigate those risks.
List seven common risks associated with EUD application systems.
Departments within a company have their own technical support person who creates and maintains the applications. Describe three risks associated with this practice. What controls would you recommend to help minimize those risks?
How can EUD applications become incompatible systems?
Explain the significance of application controls and provide examples on how they are used to safeguard the input, processing, and output of information.
In today’s environment, the threat of computer viruses is high because of the unlimited number of sources from which they can be introduced. Computer viruses can be copied from a disk, downloaded from an infected Web page, spread among computers connected within a network, etc. Describe the risks
Explain what EDI means. Describe potential implications resulting from risks related to application systems exchanging electronic business information.
List and explain five secure coding principles and practices according to OWASP for Web applications.
Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do input controls refer to? Briefly describe what input controls ensure.
Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do processing controls refer to? Briefly describe what processing controls ensure.
Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do output controls refer to? Briefly describe what output controls ensure.
Implementing policies, procedures, and techniques assist changes and modifications to systems (e.g., programs, applications, etc.) to be properly authorized, tested, approved, and carefully distributed or controlled. Without proper controls like the one above, there is a risk that unauthorized
Discuss what emergency changes are and why do they require “special” attention from management.
Explain the benefits for organizations of implementing a well-defined and structured change control management process.
Discuss why revising documentation is an important part of change management.
Discuss the three types of changes typically implemented in systems and applications.
Explain the purpose of a change request form. Why should change request procedures be documented?
Using an Internet Web browser, search and examine two recent (within the last 5 years) situations where the implementation of changes and/or modifications to existing financial application systems have failed. Your task: Summarize why such implementations failed. Then, identify solutions or controls
Describe the controls typically included when following good software distribution practices.
Following your recommendation, your organization just created a Change Control Management Board or Committee (Board) to oversee the recently-implemented change control management process. As the Chair of the Board, prepare (using a memorandum format) a document to discuss and present to all members
Why are physical security and access controls important to organizations? List at least six examples of physical security and access controls.
Once approved, changes should be scheduled for implementation. At this point, all key people and departments affected by a change should be notified of the upcoming implementation. List those who may require such notification.
Summarize how the National Institute of Standards and Technology defines the process of software configuration management.
Describe the interdependencies between IT change management and organizational change management.
What is the objective of a change control management audit? List at least seven procedures in a change control management audit.
Policies and procedures related to IS operations are considered essential for every IT environment. Why?
Data processing controls help ensure that data is validly processed, and that any exceptions noted while processing will be detected and corrected. What are some of the key questions managers ask in order to address unusual events, failures, or errors resulting from data being processed?
Explain the purpose of data center audits.
Differentiate between blackouts and brownouts. Research the Internet and provide one example where a blackout took place during the last five years. Do the same for a brownout.
List potential areas that backup policies, procedures, standards, and/or guidance should cover to ensure the availability of data significant to the operation of the organization.
Exhibit 12.1 lists common techniques used to commit cybercrimes. For each of these techniques, research the Internet and provide the names of one or two entities that have been impacted by such technique in the last 5–7 years. Briefly describe how the technique was used in the attack. Exhibit 12.1
What is the risk to organizations of not having a comprehensive business continuity plan in place in the event of an emergency?
As the Senior IT auditor, you are having a planning meeting with the client’s IT management. The IT manager is in the process of creating a disaster recovery plan (DRP) to put the organization in a better position when responding to (and recovering from) threats that may disrupt normal business
List control activities the IT auditor can perform to evaluate and test an organization’s DRP.
Mention potential areas a company policy related to End-user Computing groups should cover.
Explain each of the three strategic business objectives of an organization that are attained through implementation of information security. What are the associated risks that would prevent achieving them?
Pick two of the recent technologies discussed in this chapter that have already started to revolutionize organizations, how business is done, and the dynamics of the workplace. Describe the technology and provide examples of three risks each technology would likely add to the organization.
List information, screenshots, reports, etc. that the IT auditor would likely request from a client in order to conduct an information security audit. Why is this information important for the IT auditor?
Briefly describe six commonly used techniques for committing cybercrimes according to this chapter.
A potential client asks you to provide a draft of the IT audit program (objectives and control procedures) you would use and follow in order to audit information security at her organization. Provide your response in memo format, documenting (a) audit objectives the audit program will focus on, and
Define COBIT. Describe the COBIT 5 principles that help organizations create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
List and describe typical roles within information security, and their responsibilities in protecting the organization’s information.
Provide two or three examples of information security controls within the following management processes: a. Vulnerability b. Threat c. Trust d. Identity e. Incident
Information security test results should be recorded and, according to NIST, those test results should include?
The Company you work for is in the process of determining whether to have an information security audit (ISA) performed. Even though the Company is not (yet) required to have an ISA for compliance purposes with laws, rules, and/or regulations, they are very aware of the benefits such audit can
List 10 sources for audit tools, best practices, and/or relevant audit information when performing information security audits that were discussed in this chapter.
Why is it important to have a strategy in place? What would be the goal of having such a strategy?
Name and summarize control areas that the IT auditor should include in his or her review when examining a software acquisition.
List the seven basic steps of a software acquisition process.
As stated in the textbook, outsourcing refers to the transfer of service delivery to a third party, allowing companies to concentrate on core competencies. As the IT Audit Manager, your client asks for advice on outsourcing, specifically whether they should outsource their main financial accounting
Describe the methods that can be used in gathering system requirements information.
Using an Internet web browser, search for AICPA’s Statement on Standards for Attestation Engagements (SSAE) No. 18, and perform the following: a. Explain the relevance of SSAE 18 and what it reports on. b. Identify advantages of SSAE 18 to auditors. c. Contrast SSAE 18 (as appropriate)
What are the advantages and disadvantages for contracted or in-house development?
When measuring application and infrastructure services, an important measure for both is the number of changes. Why?
There are many tools available to assist organizations in implementing service management processes. Tools are needed to capture performance, usage metrics from the various platforms, and to consolidate and report on all of this information. Describe common examples of service management tools
Distinguish between outsourcing and off-shoring.
Explain the following relevant terms and concepts when involved in an audit of a service organization. a. Service organization. b. User entity. c. Roles and responsibilities of user auditor. d. Roles and responsibilities of service auditor. e. Purpose of AICPA’s Statements on Standards for